Workflows are using Github/AWS OpenID connect to perform the AWS
authentication (refs).
If your repository needs to access AWS you will need to create a dedicated CI profile
in infra-ci.
This workflow will output a version for the current build:
sha
will compute the short git sha of the current committag
will fetch the tag at the current commit
Typically sha
versions are used for preproduction/staging while tag
versions are used for production.
jobs:
version:
uses: sencrop/github-workflows/.github/workflows/version-v3.yml@master
with:
from: sha | tag
You can use it in subsequent jobs using ${{ needs.version.outputs.version }}
and ${{ needs.version.outputs.previous_version }}
.
This workflow will trigger release-please. Pull requests and commits will be performed by the sencrop release bot.
jobs:
release-please:
uses: sencrop/github-workflows/.github/workflows/release-please-v1.yml@master
secrets: inherit
These workflows are designed for generic terraform application code. For ECS application managed by terraform you should look into [the dedicated workflows below](# ECS workflows).
Perform a terraform plan against preproduction
and production
environment and post the result to the pull request.
jobs:
terraform:
uses: sencrop/github-workflows/.github/workflows/terraform-plan-v2.yml@master
secrets: inherit
with:
working_directory: ./terraform
The list of environment can be overrided using the environment
variable.
with:
environments: "['preproduction']"
If you need to use a private runner set self_hosted
to true
.
with:
self_hosted: true
For arguments non supported by default you should use the extra_args
variable.
with:
extra_args: -var-file=users.tfvars
Perform a terraform apply against the given environment.
jobs:
terraform:
uses: sencrop/github-workflows/.github/workflows/terraform-apply-v2.yml@master
secrets: inherit
with:
environment: "preproduction or production"
working_directory: ./terraform
This workflow wraps the same logic as terraform-apply
but adds the deployment notification and tracking logic.
jobs:
infra:
uses: sencrop/github-workflows/.github/workflows/terraform-deploy-v1.yml@master
secrets: inherit
with:
application: my-application
environment: preproduction or production
version: new-version
This workflow build and push a docker image to an elastic container repository.
jobs:
image:
uses: sencrop/github-workflows/.github/workflows/docker-push-v4.yml@master
secrets: inherit
with:
image_name: your-image-name
image_tag: your-image-tag
cpu_architecture: arm64
If you build often your docker image you might benefit from the built in cache management.
with:
cache_docker_layers: true
This workflow add a tag to an existing image in our elastic container repository.
jobs:
image:
uses: sencrop/github-workflows/.github/workflows/docker-tag-v1.yml@master
secrets: inherit
with:
image_name: your-image-name
image_tag_from: the tag value of an existing image
image_tag_to: the new tag value
This workflow build an experimental docker version and send the build ID to the github pull request.
jobs:
image:
uses: sencrop/github-workflows/.github/workflows/docker-experiment-v2.yml@master
secrets: inherit
with:
image_name: your-image-name
cpu_architecture: arm64
This is a more specialized version of the terraform plan workflow dedicated
to standard ECS fargate service.
The main difference is that this workflow will fetch the currrently deployed docker image tag version on aws and pass it
to the plan.
jobs:
terraform:
uses: sencrop/github-workflows/.github/workflows/terraform-plan-ecs-v3.yml@master
secrets: inherit
This workflow will trigger a deployment of the given version of a standard ECS fargate application. The outcome of the deployment will be notified on slack.
The infrastructure code must defined the deployed service in the ecs_services
output.
output "ecs_services" {
value = ["svc1", "svc2"]
}
jobs:
deploy:
uses: sencrop/github-workflows/.github/workflows/ecs-deploy-v3.yml@master
secrets: inherit
with:
version: new-version
environment: "preproduction or production"
application: my-application
slack_channel: my-ops-slack-channel
If your service uses a static docker image tag you may set the flag use_version_as_docker_image_tag
to false
.
This workflow will start an ECS service. If the service is already running it has no effect.
start_service:
uses: sencrop/github-workflows/.github/workflows/ecs-start-v2.yml@master
secrets: inherit
with:
service: my-service
environment: preproduction or production
This workflow will stop an ECS service. If the service is already stopped it has no effect.
stop_service:
uses: sencrop/github-workflows/.github/workflows/ecs-stop-v2.yml@master
secrets: inherit
with:
service: my-service
environment: preproduction or production
This workflow will restart a running ECS service.
restart_service:
uses: sencrop/github-workflows/.github/workflows/ecs-restart-v2.yml@master
secrets: inherit
with:
service: my-service
environment: preproduction or production
This workflow will deploy a web application to Netlify.
jobs:
deploy:
uses: sencrop/github-workflows/.github/workflows/netlify-deploy-v1.yml@master
secrets: inherit
with:
application: my-application
version: version
environment: staging or production
s3_bucket: bucket where the artifacts are published (using the [upload-artifact](https://github.com/sencrop/github-workflows/blob/master/actions/upload-artifact/action.yaml) action)
This workflow will deploy a web application in preview mode to Netlify.
jobs:
deploy:
uses: sencrop/github-workflows/.github/workflows/netlify-deploy-v1.yml@master
secrets: inherit
with:
application: my-application
version: version
environment: staging or production
s3_bucket: bucket where the artifacts are published (using the [upload-artifact](https://github.com/sencrop/github-workflows/blob/master/actions/upload-artifact/action.yaml) action)
This workflow will start a RDS instance. If the database instance is already running it has no effect.
jobs:
start_db:
uses: sencrop/github-workflows/.github/workflows/rds-start-v2.yml@master
secrets: inherit
with:
db_instance: my-instance-name
This workflow will stop a RDS instance. If the database instance is already stopped it has no effect.
jobs:
db:
uses: sencrop/github-workflows/.github/workflows/rds-stop-v2.yml@master
secrets: inherit
with:
db_instance: my-instance-name
This action handles node_modules
caching after installing dependencies for javascript projects. This has to be called
while merging a main branch so further GitHub action execution can benefit from this cache later on.
---
name: Update node_modules cache
on:
push:
branches:
- master
paths:
- package-lock.json
- package.json
jobs:
update_cache:
uses: sencrop/github-workflows/.github/workflows/node_modules_cache-v1.yml@master
secrets: inherit
with:
use_legacy_peer_deps: false
use_ignore_scripts: true
Once the node_modules
cache is filled in, it can be used later on to prevent unnecessary dependencies install
operations (see npm-ci-with-cache).
Standard actions can be reused in any custom or standard workflows.
This action will authenticate the current CI wokrflow with AWS.
The variable AWS_ACCOUNT_ID
is a global github variable accessible to all private repositories.
This action requires the id-token: write
permission.
jobs:
my-job:
permissions:
id-token: write
steps:
- name: Configure aws credentials
uses: sencrop/github-workflows/actions/configure-aws-credentials@master
with:
aws_account_id: ${{ vars.AWS_ACCOUNT_ID }}
This action will notify in slack and in datadog that a deployment has been initiated for an application.
jobs:
my-job:
steps:
- name: Notify deployment in progress
uses: sencrop/github-workflows/actions/notify-deployment-in-progress-v2@master
with:
service: my-service
environment: preproduction or production
dd_api_key: ${{ secrets.DD_API_KEY }}
former_version: version N-1
new_version: version N
slack_bot_token: ${{ secrets.SLACK_BOT_TOKEN }}
This action will track in datadog the deployment time based on the duration the Github Action workflow.
This action requires the actions: read
permission.
jobs:
permissions:
actions: read
my-job:
steps:
- name: Track deployment time
uses: sencrop/github-workflows/actions/track-deployment-time-v2@master
with:
application: my-app
environment: preproduction or production
dd_api_key: ${{ secrets.DD_API_KEY }}
This action setup terraform using the version defined in main.tf
. The version must be strictly defined.
jobs:
my-job:
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Terraform setup
uses: sencrop/github-workflows/actions/setup-terraform@master
with:
working_directory: path/to/tf/directory
This action installs npm dependencies by checking first at node_modules
cache (
see node-module-cache):
- name: NPM CI Install
uses: sencrop/github-workflows/actions/npm-ci-with-cache@master
with:
npm_token: ${{ secrets.NPM_TOKEN }}
use_legacy_peer_deps: false
use_ignore_scripts: true